Every CVE whose affected-product data names Oracle Coherence, ordered by CVSS severity, with EPSS exploit prediction and CISA KEV status.
CVEs (23)
CVE-2026-35308 — CVSS 10.0 (critical): Vulnerability in the Oracle Coherence product of Oracle Fusion Middleware (component: Centralized Third Party Jars). Supported versions…
CVE-2026-35307 — CVSS 10.0 (critical): Vulnerability in the Oracle Coherence product of Oracle Fusion Middleware (component: Core). Supported versions that are affected are…
CVE-2026-35310 — CVSS 9.8 (critical): Vulnerability in the Oracle Coherence product of Oracle Fusion Middleware (component: Core). Supported versions that are affected are…
CVE-2020-2915 — CVSS 9.8 (critical): Vulnerability in the Oracle Coherence product of Oracle Fusion Middleware (component: Caching, CacheStore, Invocation). Supported versions…
CVE-2026-35309 — CVSS 9.8 (critical): Vulnerability in the Oracle Coherence product of Oracle Fusion Middleware (component: Centralized Third Party Jars). Supported versions…
CVE-2026-35304 — CVSS 9.8 (critical): Vulnerability in the Oracle Coherence product of Oracle Fusion Middleware (component: Core). Supported versions that are affected are…
CVE-2020-14756 — CVSS 9.8 (critical): Vulnerability in the Oracle Coherence product of Oracle Fusion Middleware (component: Core Components). Supported versions that are…
CVE-2022-21420 — CVSS 9.8 (critical): Vulnerability in the Oracle Coherence product of Oracle Fusion Middleware (component: Core). Supported versions that are affected are…
CVE-2026-35305 — CVSS 9.3 (critical): Vulnerability in the Oracle Coherence product of Oracle Fusion Middleware (component: Centralized Third Party Jars). The supported version…
CVE-2026-35306 — CVSS 9.3 (critical): Vulnerability in the Oracle Coherence product of Oracle Fusion Middleware (component: Centralized Third Party Jars). The supported version…
CVE-2021-2428 — CVSS 8.1 (high): Vulnerability in the Oracle Coherence product of Oracle Fusion Middleware (component: Core). Supported versions that are affected are…
CVE-2020-25649 — CVSS 7.5 (high): A flaw was found in FasterXML Jackson Databind, where it did not have entity expansion secured properly. This flaw allows vulnerability to…
CVE-2021-2277 — CVSS 7.5 (high): Vulnerability in the Oracle Coherence product of Oracle Fusion Middleware (component: Core). Supported versions that are affected are…
CVE-2020-36518 — CVSS 7.5 (high): jackson-databind before 2.13.0 allows a Java StackOverflow exception and denial of service via a large depth of nested objects.
CVE-2021-37136 — CVSS 7.5 (high): The Bzip2 decompression decoder function doesn't allow setting size restrictions on the decompressed output data (which affects the…
CVE-2020-14642 — CVSS 7.5 (high): Vulnerability in the Oracle Coherence product of Oracle Fusion Middleware (component: CacheStore). Supported versions that are affected are…
CVE-2022-21570 — CVSS 7.5 (high): Vulnerability in the Oracle Coherence product of Oracle Fusion Middleware (component: Core). Supported versions that are affected are…
CVE-2021-2371 — CVSS 7.5 (high): Vulnerability in the Oracle Coherence product of Oracle Fusion Middleware (component: Core). Supported versions that are affected are…
CVE-2021-2344 — CVSS 7.5 (high): Vulnerability in the Oracle Coherence product of Oracle Fusion Middleware (component: Core). Supported versions that are affected are…
CVE-2021-43797 — CVSS 6.5 (medium): Netty is an asynchronous event-driven network application framework for rapid development of maintainable high performance protocol servers…
CVE-2021-21409 — CVSS 5.9 (medium): Netty is an open-source, asynchronous event-driven network application framework for rapid development of maintainable high performance…
CVE-2020-2949 — CVSS 5.3 (medium): Vulnerability in the Oracle Coherence product of Oracle Fusion Middleware (component: Caching, CacheStore, Invocation). Supported versions…